cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11925,https://securityvulnerability.io/vulnerability/CVE-2024-11925,Unauthenticated Attackers Can Easily Escalate Privileges on JobSearch WP Job Board Plugin,"The JobSearch WP Job Board plugin for WordPress allows unauthenticated attackers to exploit a privilege escalation vulnerability stemming from inadequate verification of user identities during the email address verification process in the user_account_activation function. This security flaw affects all versions up to and including 2.6.7, enabling unauthorized users to log in as any registered user, potentially including site administrators, provided they have knowledge of the users' email addresses. The oversight creates significant security risks for WordPress sites utilizing this plugin, necessitating prompt action to secure the affected installations.",Wordpress,Jobsearch WP Job Board,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,2024-11-28T07:14:07.539Z,0
CVE-2024-8615,https://securityvulnerability.io/vulnerability/CVE-2024-8615,Unauthenticated File Upload Vulnerability in JobSearch WP Job Board Plugin Could Lead to Remote Code Execution,"The JobSearch WP Job Board plugin for WordPress features a vulnerability that permits unauthenticated attackers to upload arbitrary files to the server. This issue arises from a lack of proper file type validation in the jobsearch_location_load_excel_file_callback() function. All versions of the plugin up to and including 2.6.7 are affected, enabling potential exploitation that could lead to remote code execution on the affected site's infrastructure.",Wordpress,Jobsearch WP Job Board,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,false,false,2024-11-06T09:15:00.000Z,0
CVE-2024-8614,https://securityvulnerability.io/vulnerability/CVE-2024-8614,Arbitrary File Upload Vulnerability in JobSearch WP Job Board Plugin,"The JobSearch WP Job Board plugin for WordPress has a security vulnerability that permits arbitrary file uploads, stemming from insufficient file type validation in the `jobsearch_wp_handle_upload()` function. This flaw affects all versions up to and including 2.6.7, allowing authenticated users, including those with subscriber-level access and higher, to upload malicious files to the server. This successful exploit could pave the way for potential remote code execution, posing significant risks to the integrity and security of the affected WordPress site.",Wordpress,Jobsearch WP Job Board,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,false,false,2024-11-06T09:15:00.000Z,0
CVE-2023-6584,https://securityvulnerability.io/vulnerability/CVE-2023-6584,Email Address Vulnerability in WP JobSearch WordPress Plugin,The WP JobSearch WordPress plugin before 2.3.4 does not prevent attackers from logging-in as any users with the only knowledge of that user's email address.,Wordpress,WP Jobsearch,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-02-27T08:30:26.628Z,0
CVE-2023-6585,https://securityvulnerability.io/vulnerability/CVE-2023-6585,Unauthenticated File Upload Vulnerability in WP JobSearch WordPress Plugin,"The WP JobSearch WordPress plugin before 2.3.4 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server",Wordpress,WP Jobsearch,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-02-27T08:30:25.818Z,0
CVE-2021-4364,https://securityvulnerability.io/vulnerability/CVE-2021-4364,Authorization Bypass in JobSearch WP Job Board Plugin for WordPress,"The JobSearch WP Job Board plugin for WordPress has a serious vulnerability that allows authenticated attackers to bypass authorization checks due to a missing capability in the jobsearch_add_job_import_schedule_call() function. This flaw affects versions up to and including 1.8.1, enabling unauthorized modifications to job schedules, thus compromising the integrity and functionality of the application. Site owners using this plugin are advised to update to the latest version immediately to mitigate potential risks.",Wordpress,Jobsearch WP Job Board,4.3,MEDIUM,0.0008999999845400453,false,,false,false,false,,false,false,2023-06-07T01:51:30.752Z,0
CVE-2021-4361,https://securityvulnerability.io/vulnerability/CVE-2021-4361,Authorization Bypass Vulnerability in JobSearch WP Job Board Plugin for WordPress,"The JobSearch WP Job Board plugin, utilized within WordPress sites, is susceptible to an authorization bypass vulnerability. Due to a missing capability check in the jobsearch_job_integrations_settin_save AJAX action, an authenticated attacker may exploit this weakness to modify arbitrary settings on the site. This could lead to unauthorized changes and potential management of site configurations without proper permissions, emphasizing the need for timely updates and security measures.",Wordpress,Jobsearch WP Job Board,8.8,HIGH,0.004220000002533197,false,,false,false,false,,false,false,2023-06-07T01:51:28.550Z,0
CVE-2021-4352,https://securityvulnerability.io/vulnerability/CVE-2021-4352,Authorization Bypass in JobSearch WP Job Board Plugin for WordPress,"The JobSearch WP Job Board plugin for WordPress is susceptible to an authorization bypass due to a lack of capability checks in the save_locsettings function. This vulnerability allows unauthenticated attackers to modify plugin settings, potentially jeopardizing the integrity and security of the WordPress site. Websites utilizing affected versions (up to and including 1.8.1) should prioritize updating the plugin to mitigate risks associated with unauthorized changes.",Wordpress,Jobsearch WP Job Board,5.3,MEDIUM,0.0014299999456852674,false,,false,false,false,,false,false,2023-06-07T01:51:21.174Z,0
CVE-2022-1168,https://securityvulnerability.io/vulnerability/CVE-2022-1168,JobSearch < 1.5.1 - Unauthenticated Reflected Cross-Site Scripting (XSS),There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before 1.5.1.,Wordpress,WP Jobsearch,6.1,MEDIUM,0.001509999972768128,false,,false,false,false,,false,false,2022-04-04T15:36:08.000Z,0
CVE-2021-24421,https://securityvulnerability.io/vulnerability/CVE-2021-24421,WP JobSearch < 1.7.4 - Authenticated Stored XSS,"The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue",Wordpress,WP Jobsearch,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-07-12T19:20:56.000Z,0